Difference between revisions of "Backup of ESXi Virtual Machines using Affa"

From SME Server
Jump to navigationJump to search
(added Dropbear update section)
(reworked. for storing on non-volatile USB device)
Line 5: Line 5:
  
 
A restore of a VM can be done by simply copying back all archived files to the original location on the ESXi host. It is also possible to copy the files to a different directory (or to another ESXi server) and add the vmx file to the inventory.
 
A restore of a VM can be done by simply copying back all archived files to the original location on the ESXi host. It is also possible to copy the files to a different directory (or to another ESXi server) and add the vmx file to the inventory.
 +
 +
{{Note box|This document is applicable for ESX3i with an USB boot device. It will most likely not work with other type boot devices}}
  
 
{{Warning box|As Affa Version 2 is in a BETA state, errors in design and/or implementation cannot be completely eliminated. Therefore take precautions to avoid negative impacts to your system. In particular do not use it on production systems.}}
 
{{Warning box|As Affa Version 2 is in a BETA state, errors in design and/or implementation cannot be completely eliminated. Therefore take precautions to avoid negative impacts to your system. In particular do not use it on production systems.}}
Line 46: Line 48:
  
  
==== Configuration of the SSH Service on the ESXi Host ====
+
==== Configuring SSH and RSYNC on the ESX3i Host ====
(''Note: ESXI uses Dropbear rather than OpenSSL Server)''
+
By default the SSH service is disabled and rsync is not installed. ESXi uses Dropbear rather than OpenSSL as the SSH Server. The installed Dropbear Version 0.49 has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands.
  
On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell.  
+
To set up ESXi for use with Affa we must:
 +
* enable SSH service by configuring inetd.conf and restarting the inetd service
 +
* install rsync (statically linked binary)
 +
* update Dropbear to version 0.51
 +
* create a /root home directory  with a .ssh sub directory to store the public keys for password-less login
 +
* link the .ssh directory to the non-volatile USB device
 +
* add a command to /etc/rc.local that executes all the steps above at boot time
  
Login with the root password.
+
The following script does this all:
 +
<pre>
 +
# enable ssh service
 +
sed -e 's/^#\(ssh.*\)/\1/' < /etc/inetd.conf > /etc/inetd.conf.affa
 +
mv -f /etc/inetd.conf.affa /etc/inetd.conf
  
[[Image:Affa_esxi_service_console.gif‎]]
+
# reload inetd configuration
 +
kill -HUP `ps | grep inetd | sed -e 's/ .*//'`
  
Edit the '/etc/inetd.conf' file using the vi editor. Remove the leading Hash ('#') from this line:
+
# install Dropbear 0.51
#ssh    stream  tcp    nowait  root    /sbin/dropbearmulti     dropbear ++min=0,swap,group=shell -i
+
rm -f /sbin/dropbearmulti; cp -a /bootbank/bexi/dropbearmulti /sbin/dropbearmulti
Save the file.
+
ln -fs /sbin/dropbearmulti /bin/ssh
  
Find the PID of the inetd process: (1302 in this example)
+
# install sftp-server (needed for FUSE sshfs mount)
ps | grep inetd
+
cp -a /bootbank/bexi/sftp-server-static /usr/libexec/sftp-server
  
<tt>1302 1302 busybox              inetd</tt>
+
# install rsync 3.0.4 statically linked
 +
cp -a /bootbank/bexi/rsync-static /bin/rsync
  
Send HUP signal to force inetd to re-read the configuration
+
# root home dir for storing public keys
 +
mkdir -p /bootbank/bexi/root/.ssh
 +
touch /bootbank/bexi/root/.ssh/authorized_keys
 +
touch /bootbank/bexi/root/.ssh/known_hosts
  
kill -HUP 1302
+
# link .ssh dir to non-volatile USB location
Now you can ssh logon.
+
mkdir -p /root
 +
ln -fs /bootbank/bexi/root/.ssh /root/
  
 +
# set new home dir for user root
 +
sed -e 's#^\(root:.*\)\(:/:\)\(.*\)#\1:/root:\3#' < /etc/passwd > /etc/passwd.affa
 +
mv -f /etc/passwd.affa /etc/passwd
  
==== Update Dropbear SSH server and client ====
+
# add execution of this script to rc.local
On ESX3i Dropbear Version 0.49 is installed. This version has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands.
+
grep -q "/bootbank/bexi/affa-setup.sh" < /etc/rc.local || echo "/bootbank/bexi/affa-setup.sh" >> /etc/rc.local
 +
</pre>
  
Remote copy the dropbearmulti binary to the ESXi host into directory /sbin. This overwrites the existing dropbearmulti version 0.49
+
On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell.  
scp dropbearmulti root@<ESXiIP>:/sbin/
 
Then send the HUP signal to the inetd process as described above.
 
===== How to get dropbearmulti 0.51 binary =====
 
You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2
 
  
'''or''' you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed:
+
Login with the root password.
1. download <tt>dropbear-0.51.tar.gz</tt> from http://matt.ucc.asn.au/dropbear/
 
  
2. unpack the tarball
+
[[Image:Affa_esxi_service_console.gif‎]]
tar xzf dropbear-0.51.tar.gz
 
cd dropbear-0.51
 
 
 
3. edit the file <tt>options.h</tt> and comment out line 40
 
/*#define NON_INETD_MODE*/
 
 
 
4. configure and compile
 
./configure --disable-zlib --disable-openpty
 
make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1
 
strip dropbearmulti
 
 
 
==== Install the rsync program on the ESXi host ====
 
Remote copy the rsync-static binary to the ESXi host into directory /usr/bin.
 
scp rsync-static root@<ESXiIP>:/usr/bin/
 
Create symbolic link to /usr/bin/rsync:
 
ln -fs /usr/bin/rsync-static /usr/bin/rsync
 
 
 
===== How to get the statically linked rsync binary =====
 
You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2
 
 
 
'''or''' you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed:
 
 
 
1. download the source from http://rsync.samba.org/
 
 
 
2. unpack the tarball
 
tar xzf rsync-3.0.4.tar.gz
 
cd rsync-3.0.4
 
3. build the statically linked binary
 
make CFLAGS="-static" EXEEXT="-static"
 
strip rsync-static
 
 
 
==== Configuration of Public Key Login ====
 
SSH logon to the ESXi host and create a new home directory for user root
 
mkdir -p /root/.ssh
 
chmod -R 700 /root
 
 
 
Edit /etc/passwd using the vi editor and carefully change the line
 
 
 
root:x:0:0:Administrator:/:/bin/ash
 
  
to
+
Download the tarball. The tarball contains all binaries and the script.
 +
cd /bootbank
 +
wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-01.tgz
 +
Unpack it
 +
tar xzf affa-esxi-setup-01.tgz
 +
rm affa-esxi-setup-01.tgz
 +
and run the script
 +
./bexi/affa-setup.sh
  
root:x:0:0:Administrator:/root:/bin/ash
+
Now you can ssh login and use rsync.
  
Once you have configured the Affa ESXi job, run on the Affa server:
 
affa --send-key <JOB>
 
  
 
=== Setting up an Affa job ===
 
=== Setting up an Affa job ===
Line 159: Line 142:
  
 
The name of the snaphot starts with "BEXI-". Do not delete it or revert to it while Affa is running.
 
The name of the snaphot starts with "BEXI-". Do not delete it or revert to it while Affa is running.
 +
 +
 +
=== Addtional Information ===
 +
===== How to make the Dropbearmulti 0.51 Binary and the statically linked Rsync Binary =====
 +
If you want to make the binaries by yourself, run the following on a Centos4/SME7.3 box with devel RPMs installed:
 +
 +
'''Dropbear 0.51'''
 +
 +
1. download <tt>dropbear-0.51.tar.gz</tt> from http://matt.ucc.asn.au/dropbear/
 +
 +
2. unpack the tarball
 +
tar xzf dropbear-0.51.tar.gz
 +
cd dropbear-0.51
 +
 +
3. edit the file <tt>options.h</tt> and comment out line 40
 +
/*#define NON_INETD_MODE*/
 +
 +
4. configure and compile
 +
./configure --disable-zlib --disable-openpty
 +
make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1
 +
strip dropbearmulti
 +
 +
 +
'''Rsync 3.0.4 statically linked'''
 +
 +
1. download the source from http://rsync.samba.org/
 +
 +
2. unpack the tarball
 +
tar xzf rsync-3.0.4.tar.gz
 +
cd rsync-3.0.4
 +
3. build the statically linked binary
 +
make CFLAGS="-static" EXEEXT="-static"
 +
strip rsync-static
 +
 +
  
 
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category: Backup]]
 
[[Category: Backup]]

Revision as of 02:30, 10 November 2008

PythonIcon.png Skill level: Advanced
The instructions on this page may require deviations from standard procedures. A good understanding of linux and Koozali SME Server is recommended.


Introduction

As of version 2, Affa supports hot backing up virtual machines running on the VMWare ESXi server. It uses the VMware Infrastructure Perl Toolkit to communicate with the EXSi and rsync over ssh to transfer the data. Before the backup starts, the state of the running VM is freezed by creating a snapshot of all its disks. After the freezed virtual disk files were backed up, the snapshot is deleted and the config points to the just backed up disks again. Then, as a last step the config files are backed up.

A restore of a VM can be done by simply copying back all archived files to the original location on the ESXi host. It is also possible to copy the files to a different directory (or to another ESXi server) and add the vmx file to the inventory.


Important.png Note:
This document is applicable for ESX3i with an USB boot device. It will most likely not work with other type boot devices



Warning.png Warning:
As Affa Version 2 is in a BETA state, errors in design and/or implementation cannot be completely eliminated. Therefore take precautions to avoid negative impacts to your system. In particular do not use it on production systems.


Preparing the Affa Server

Install the VMware Infrastructure (VI) Perl Toolkit

Download the VI Perl Toolkit tarball from the VMWare web site: http://www.vmware.com/support/developer/viperltoolkit/

Login as root and run:

/usr/bin/yum install openssl-devel
/usr/bin/yum --enable=dag install perl-XML-SAX
tar xzf VMware-VIPerl-1.6.0-104313.i386.tar.gz
cd vmware-viperl-distrib
./vmware-install.pl

Ignore this warning: The following Perl modules were found on the system but may be too old to work with VIPerl: URI XML::NamespaceSupport

Install Affa Version 2 beta

Install the latest Affa 2.x beta version. Download the RPM from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2

/usr/bin/yum --enable=smecontribs localinstall smeserver-affa-2.0.0-beta*.noarch.rpm

Preparing the ESXi Host for use with Affa

To make the ESXi server ready to cooperate with Affa you must install the rsync program, enable the ssh service, configure passwordless ssh login and add a user for communication using the VMware Infrastructure (VI) Perl Toolkit.

Adding an ESXi User with restricted Permissions

Run the Virtual Infrastructure Client and logon to the ESXi host.

Adding Affa role

Switch to the Administration module and add a new role with permissions to create and delete snapshots

Affa add new esxi role.gif

Adding Affa user

Switch back to the Inventory module and add a new user with password:

Affa add new esxi user.gif

Assigning permissions

In the Permission Tab assign the new role to the new user.

Affa add new esxi permission.gif


Configuring SSH and RSYNC on the ESX3i Host

By default the SSH service is disabled and rsync is not installed. ESXi uses Dropbear rather than OpenSSL as the SSH Server. The installed Dropbear Version 0.49 has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands.

To set up ESXi for use with Affa we must:

  • enable SSH service by configuring inetd.conf and restarting the inetd service
  • install rsync (statically linked binary)
  • update Dropbear to version 0.51
  • create a /root home directory with a .ssh sub directory to store the public keys for password-less login
  • link the .ssh directory to the non-volatile USB device
  • add a command to /etc/rc.local that executes all the steps above at boot time

The following script does this all:

# enable ssh service
sed -e 's/^#\(ssh.*\)/\1/' < /etc/inetd.conf > /etc/inetd.conf.affa
mv -f /etc/inetd.conf.affa /etc/inetd.conf

# reload inetd configuration
kill -HUP `ps | grep inetd | sed -e 's/ .*//'`

# install Dropbear 0.51
rm -f /sbin/dropbearmulti; cp -a /bootbank/bexi/dropbearmulti /sbin/dropbearmulti
ln -fs /sbin/dropbearmulti /bin/ssh

# install sftp-server (needed for FUSE sshfs mount)
cp -a /bootbank/bexi/sftp-server-static /usr/libexec/sftp-server

# install rsync 3.0.4 statically linked
cp -a /bootbank/bexi/rsync-static /bin/rsync

# root home dir for storing public keys
mkdir -p /bootbank/bexi/root/.ssh
touch /bootbank/bexi/root/.ssh/authorized_keys
touch /bootbank/bexi/root/.ssh/known_hosts

# link .ssh dir to non-volatile USB location
mkdir -p /root
ln -fs /bootbank/bexi/root/.ssh /root/

# set new home dir for user root
sed -e 's#^\(root:.*\)\(:/:\)\(.*\)#\1:/root:\3#' < /etc/passwd > /etc/passwd.affa
mv -f /etc/passwd.affa /etc/passwd

# add execution of this script to rc.local
grep -q "/bootbank/bexi/affa-setup.sh" < /etc/rc.local || echo "/bootbank/bexi/affa-setup.sh" >> /etc/rc.local

On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word unsupported to unlock the shell.

Login with the root password.

Affa esxi service console.gif

Download the tarball. The tarball contains all binaries and the script.

cd /bootbank
wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-01.tgz 

Unpack it

tar xzf affa-esxi-setup-01.tgz 
rm affa-esxi-setup-01.tgz 

and run the script

./bexi/affa-setup.sh

Now you can ssh login and use rsync.


Setting up an Affa job

The following assumes, that you are already familiar with configuring Affa and only focus on the ESXi specific parts.

Assume you want to backup the virtual machine named 'myvm' on ESXi server with IP 10.200.48.5.

1. log into the 'affabox' and copy the config helper script

cp -a /usr/lib/affa/jobconfig-esxi-sample.pl /root/esxi-myvm-job.pl

2. edit /root/esxi-myvm-job.pl and set

my $jobname='esxi-myvm';

and

'remoteHostName‘=>'10.200.48.5',

3. tell Affa that this job backups a ESXi virtual machine

'ESXi' => 'yes',

4. set the VM name

'ESXiVMName' => 'myvm',

5. set the username and password (this is the ESXi User with restricted permissions created above)

'ESXiUsername' => 'affa',
'ESXiPassword' => 'secret',

6. save the script, then run it

/root/esxi-myvm-job.pl

7. send the public key

affa --send-key esxi-myvm

8. run the job manually

affa --run esxi-myvm

When the Affa job starts, you can watch the snapshot create task in the Virtual Infrastructure Client. Affa esxi viclient tasks.gif

The name of the snaphot starts with "BEXI-". Do not delete it or revert to it while Affa is running.


Addtional Information

How to make the Dropbearmulti 0.51 Binary and the statically linked Rsync Binary

If you want to make the binaries by yourself, run the following on a Centos4/SME7.3 box with devel RPMs installed:

Dropbear 0.51

1. download dropbear-0.51.tar.gz from http://matt.ucc.asn.au/dropbear/

2. unpack the tarball

tar xzf dropbear-0.51.tar.gz
cd dropbear-0.51

3. edit the file options.h and comment out line 40

/*#define NON_INETD_MODE*/

4. configure and compile

./configure --disable-zlib --disable-openpty
make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1
strip dropbearmulti


Rsync 3.0.4 statically linked

1. download the source from http://rsync.samba.org/

2. unpack the tarball

tar xzf rsync-3.0.4.tar.gz
cd rsync-3.0.4

3. build the statically linked binary

make CFLAGS="-static" EXEEXT="-static"
strip rsync-static